January2018
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
January 2018 Edition | GSN Magazine | The News Leader in Physical, IT and Homeland Security<br />
Cybersecurity<br />
Pilot Project Helps Secure First Responder<br />
Apps From Cyberattacks<br />
Washington, D.C.—A pilot project<br />
by the Department of Homeland<br />
Security (DHS) Science and Technology<br />
Directorate (S&T) resulted in the<br />
successful remediation of potential<br />
cybersecurity vulnerabilities in mobile<br />
applications (apps) used by the<br />
nation’s public-safety professionals,<br />
supporting the creation of an on-going<br />
mobile app-testing program.<br />
In emergency and disaster situations,<br />
mobile devices and apps enable<br />
public-safety professionals to receive<br />
and share critical information in real-time,<br />
which enhances the delivery<br />
of life-saving services. As reliance<br />
on mobile technology grows, it is<br />
important that mobile apps used by<br />
public safety are free of malware or<br />
vulnerabilities.<br />
The pilot testing project—“Securing<br />
Mobile Applications for First<br />
Responders”—was a joint effort of<br />
the Homeland Security Advanced<br />
Research Project Agency’s Cyber<br />
Security Division, S&T’s First Responder<br />
Group (FRG), Association<br />
of Public-Safety Communications<br />
Officials (APCO) and Kryptowire,<br />
LLC, the developer of a leading<br />
mobile app-vetting platform that was<br />
funded by S&T.<br />
Its dual goals were to improve mobile<br />
app security for the public-safety<br />
community and determine the need<br />
for a sustainable model for testing<br />
the security and privacy-protection<br />
capabilities of public-safety apps.<br />
To these ends, the pilot sought to<br />
determine the degree to which the<br />
selected public-safety apps are vulnerable<br />
to cyberattacks—malware,<br />
ransomware and spyware—or had<br />
coding vulnerabilities that could<br />
compromise the device’s security,<br />
expose personal data or allow for<br />
eavesdropping.<br />
“This pilot project illustrates the<br />
efficacy, benefits and value an ongoing<br />
app-testing program will provide<br />
to the public-safety community and<br />
the nation,” said Vincent Sritapan,<br />
S&T’s Program Manager for Mobile<br />
Security Research and Development.<br />
“During the testing phase, numerous<br />
cyber vulnerabilities were identified<br />
and remediated. This model can be<br />
used to ensure all apps used by the<br />
public-safety professionals are secured<br />
against cyberattacks and other<br />
security and privacy weaknesses.”<br />
For the study, APCO selected 33<br />
popular apps (iOS and Android<br />
versions counted separately) created<br />
by 20 developers that are offered<br />
through AppComm, its public-safety<br />
application directory. The pilot was<br />
conducted over three months by the<br />
team using Kryptowire’s mobile app<br />
software testing platform integrated<br />
into APCO’s AppComm website.<br />
The testing scrutinized each app’s<br />
35